3 Things To Do If Phished

August 24, 2017

Title and settlement companies impersonated as part of an email phishing scam should notify customers as soon as possible, contact law enforcement, provide resources for affected consumers and review the company’s security practices, according to the Federal Trade Commission (FTC).

Offering immediate advice and support can help companies retain customer goodwill.

Here are tips on how to respond if your business is impersonated in a phishing scam:

  • Notify consumers of the scam. If you are alerted to a phishing scam where fraudsters are impersonating your business, inform your customers as soon as possible. If your business has a social media presence, announce the scam on your social media sites and warn customers to ignore suspicious emails or texts purporting to be from your company. You can also inform your customers of the phishing scam by email or letter. The important point is to remind your customers that legitimate businesses like yours would never solicit sensitive personal information through insecure channels like email or text messages.
  • Contact law enforcement. If you become aware of a phishing scam impersonating your business, report the scam to the FBI’s Internet Crime Complaint Center. Suggest that affected customers forward any phishing emails impersonating your business to the Anti Phishing Working Group, a public-private partnership against cybercrime. Consumers also can file a complaint with the FTC.
  • Provide resources for affected consumers. If consumers believe they may be victims of identity theft because of the phishing scam impersonating your business, direct them to http://www.identitytheft.gov/ where they can report and recover from identity theft. For more information about recommended computer security practices, direct consumers to resources on the FTC’s consumer information site where they can learn how to protect themselves online and avoid phishing attacks.

Companies should use fraudulent emails as a reminder to update security practices as well as taking advantage of them as training opportunity for their staff. Criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims, which makes constant awareness and education a necessity. 

Data security isn’t just a one-and-done checklist. Threats are ever-evolving, so your defenses need to be nimble, too. Check out the FTC’s data security portal for information on securing sensitive customer information. Follow case developments and read publications designed for companies of any size and sector, including Start with Security and the recently refreshed Protecting Personal Information: A Guide for Business. Pressed for time? Pledge two minutes a day to watch a video from the FTC’s resource library for businesses. The third pillar of ALTA’s Title Insurance and Settlement Company Best Practices provides guidance on adopting and maintaining a written privacy and information security program to protect non-public personal information.

Contact ALTA at 202-296-3671 or communications@alta.org.